package com.oracle.coherence.patterns.security.extend;

import javax.security.auth.Subject;

/**
 * The ExtendAccessController interface is used by the Proxy services to verify whether or not a caller has sufficient
 * rights to access protected proxied resources.
 * <p/>
 * The implementing class is declared by the "proxy-scheme/security-config/access-controller" element in the
 * coherence-cache-config.xml configuration descriptor and used to control access to protected proxied resources.
 *
 * @author Jonathan Knight
 */
public interface ExtendAccessController {

    /**
     * This method performs the access control checks for the
     * specified <code>CachePermission</code> and <code>Subject</code>.
     * <p/>
     * If the check fails then a <code>java.lang.SecurityException</code>
     * will be thrown.
     * <p/>
     * <b>Note: </b>This method <i>must</i> be implemented to be thread safe.
     * <p/>
     *
     * @param permission The requested permission
     * @param subject    The subject accessing the cache
     * @throws SecurityException if access is not allowed
     */
    void checkPermission(CachePermission permission, Subject subject);

    /**
     * This method performs the access control checks for the
     * specified <code>InvocationPermission</code> and <code>Subject</code>.
     * <p/>
     * If the check fails then a <code>java.lang.SecurityException</code>
     * will be thrown.
     * <p/>
     * <b>Note: </b>This method <i>must</i> be implemented to be thread safe.
     * <p/>
     *
     * @param permission The requested permission
     * @param subject    The subject accessing the cache
     * @throws SecurityException if access is not allowed
     */
    void checkPermission(InvocationPermission permission, Subject subject);

}
